Snowden doesn't fuck around

Dance like no one's watching. Encrypt like everyone is.

Started talking with someone about general IT stuff. At some point we came to the subject of SSL certificates and he mentioned that 'that stuff is expensive' and so on.

Kindly told him about Let's Encrypt and also that it's free and he reacted: "Then I'd rather have no SSL, free certificates make you look like you're a cheap ass".

So I told him the principle of login/registration thingies and said that they really need SSL, whether it's free or not.

"Nahhh, then I'd still rather don't use SSL, it just looks so cheap when you're using a free certificate".

Hey you know what, what about you write that sentence on a whole fucking pack of paper, dip it into some sambal, maybe add some firecrackers and shove it up your ass? Hopefully that will bring some sense into your very empty head.

Not putting a secure connection on a website, (at all) especially when it has a FUCKING LOGIN/REGISTRATION FUNCTION (!?!?!?!!?!) is simply not fucking done in the year of TWO THOUSAND FUCKING SEVENTEEN.

'Ohh but the NSA etc won't do anything with that data'.

Has it, for one tiny motherfucking second, come to mind that there's also a thing called hackers? Malicious hackers? If your users are on hacked networks, it's easy as fuck to steal their credentials, inject shit and even deliver fucking EXPLOIT KITS.
Oh and you bet your ass the NSA will save that data, they have a whole motherfucking database of passwords they can search through with XKeyScore (snowden leaks).

Motherfucker.

Thanks for @PonySlaystation for coming up with this idea!

Wrote my first ever Firefox extension. It loads a json list from a server containing domains which, according to the snowden leaks of 2013, are integrated within a US powered mass surveillance network.

If it finds any urls on the page being loaded, it puts a fullscreen red background with a warning text and the links which match the surveillance criteria.

There's no way to continue to the web page yet, will try to add that later on.

With the wake of some rants shouting at Linuxers who express their opinion in a considered to be very not good way, I decided to make such a rant. Not to be annoying but because, although I get that fanboyism in that way isn't even good in MY opinion, I do think that one should be able to express their opinion.

But, If you'd like to express your opinion, I think you at least should do that with some good arguments. Not everyone might agree with those arguments but hey, that's the point of opinions sometimes :)

I don't hate windows/mac for being windows or mac. Nope.

I hate the systems for not giving the user freedom to do what they wish with the system but more importantly, for integrating their users in worlds biggest mass surveillance program AND on top of fucking that, not giving peoples the option to look at the source code aka at what's ACTUALLY going on in the system. Next to that, Windows 10's data collection is officially not legal in the netherlands so don't even try justifying their fucking data slurping.

Of course there's a chance that they don't contain any bad stuffs but since the Snowden revelations I don't trust those commercial companies anymore on their 'blue' eyes.

Yeah, I've ranted about this before, I know, felt like doing it again in combination with my reason above. I also know that I will probs receive hate for this but oh well, i'm used to that by now.

So yeah, windows and osx: go fuck yourself.

I just wanted to share a quote that I think is completely magnificent.

"Saying that you don't care about privacy because you have nothing to hide is like saying you don't care about free speech because you have nothing to say."

- Edward Snowden

So as quite some people know on here, I am strongly against closed source software and have a very strong distrust in it as well.
So next to some principles (and believes etc etc etc) there is one specifc 'event' which triggered the distrust in CSS (No not Cascading Style sheet, I mean Closed Source Software :P). So hereby the story about what happened.

I think it was about 5 years ago when a guy joined my programming class (I wasn't in uni although I studied but for the sake of clarity, lets just call it uni for now (also, that makes me feel smarter so why the fuck not!)) in uni. He knew a shitload about programming for his age but he was convinced that he was always right. (that aside)
Anyways, at some point we had to work in groups on this project (groups for specific tasks) and he chose (he loved it, we hated it, he had the final say) Trello for 'project management'. He gave everyone (I was running Windows for a little bit at that moment because the project was in C# and the Snowden leaks had not arrived yet so I was not extremely uncomfortable with using Windows, just a lot) this addon program thingy he created for Trello which would make usage easier. I asked if it was open source, he replied with 'No, because this is my project.' and although I did understand that entirely, I didn't feel comfy using it because of it's closed source nature. Everyone declared me paranoid and he was annoyed as hell but I just kept refusing to use it and just used the web interface.

*skips to 2 years later*

I met that guy again at the train station at a random day! Had the usual 'how are you and what's up after a few years' talk with him and then he told me something that changed my view on closed source software for most probably the rest of my life.

"Hey by the way, do you remember that project of a few years back where you didn't want to use my software because of your 'closed-sourceness paranoia'? I just wanted to say that I actually had some kind of backdooring feature build in which (I am not going to say what) allowed me to (although I didn't use it) look at/do certain things with the 'infected' computers. I really wanted to say that I find it funny how you, the only one who didn't give in to my/the peer pressure, were the only one who wasn't affected by my 'backdoor' at that moment! Also your standards towards the use of closed source software probably played a big part probably. I find that pretty cool actually!"

Although I cannot confirm what he said, he was exactly the type of guy who would do this IMO (and not only IMO I think).

So yeah, that's one of the reasons AND the story behind a big part of why I don't trust closed source software :).

John Snowden

What I'm posting here is my 'manifesto'/the things I stand for. You may like it, you may hate it, you may comment but this is what I stand for.

What are the basic principles of life? one of them is sharing, so why stop at software/computers?
I think we should share our software, make it better together and don't put restrictions onto it. Everyone should be able to contribute their part and we should make it better together. Of course, we have to make money but I think that there is a very good way in making money through OSS.

Next to that, since the Snowden releases from 2013, it has come clear that the NSA (and other intelligence agencies) will try everything to get into anyone's messages, devices, systems and so on. That's simply NOT okay.
Our devices should be OUR devices. No agency should be allowed to warrantless bypass our systems/messages security/encryptions for the sake of whatever 'national security' bullshit. Even a former NSA semi-director traveled to the UK to oppose mass surveillance/mass govt. hacking because he, himself, said that it doesn't work.

We should be able to communicate freely without spying. Without the feeling that we are being watched. Too badly, the intelligence agencies of today do not want us to do this and this is why mass surveillance/gag orders (companies having to reveal their users' information without being allowed to alert their users about this) are in place but I think that this is absolutely wrong. When we use end to end encrypted communications, we simply defend ourselves against this non-ethical form of spying.
I'm a heavy Signal (and since a few days also Riot.IM (matrix protocol) (Riot.IM with end to end crypto enabled)), Tutanota (encrypted email) and Linux user because I believe that only those measures (open source, reliable crypto) will protect against all the mass spying we face today.
The applications/services I strongly oppose are stuff like WhatsApp (yes, encryted messages but the metadata is readily available and it's closed source), skype, gmail, outlook and so on and on and on.

I think that we should OWN our OWN data, communications, browsing stuffs, operating systems, softwares and so on.

This was my rant.

Started working on a pihole alternative a while ago.

I like pihole a lot but one of the features I am missing is to be able to define a list of mass surveillance related domains (Snowden leaks; PRISM program and such) and show statistics based on dns queries containing blacklisted domains, prases/words and surveillance-related domains/words (google/facebook/microsoft/apple etc).

Started working on one based on an existing (php based) dns server which is open source and slowly but surely developed something which worked.
Then, I found out that the php resolving function (dns resolving) uses the system default, which can, of course, be google's dns as well. Changing this would be ideal but while the documentation suggested that it could be done some way, it didn't work for me so I chose a library which can do it with specific dns servers (to use as external dns servers).
This library used a different way of showing the retrieved dns query results and really wasn't in for converting everything by hand so i kinda quit the project a while ago.

A few days ago I thought fuck it and started again.
Now have a working version based on the new dns resolving library and made some other good improvements.

For those who are wondering why I chose PHP for this: why the fuck not?

Happy happy happy.

I just watched the Snowden movie. I feel really uncomfortable now.

The degree to which I take security seriously would probably make Ed Snowden shit his pants.

Just watched Snowden

to check if Edward had completed his assignment that is supposed to take 5 hours but Ed does it in 40 min, top CIA director guy types:

cd backup
ls

Into computer terminal.

Pats Ed on back. Well done super hacker.

Apparently by opening a folder and looking at what files are in said folder you can confirm the success of a CIA exam.

Soooo... Edward Snowden does not like Allo.

Holy fucking shit.
I just read an article about Barton Gellman, one of the journalists that wrote the snowden articles for the Washington Post and one of the 3 that got contacted directly by snowden.

It seams like several intelligence agencies tried/succeeded to compromise his infrastructure.
His iPad got compromised through an RCE exploit.
The turkish intelligence service tried to compromise his laptop by tricking him into installing a customized RAT.

Like fuck man, I can't imagine how it is to be targeted by pretty much every government there is.

Snowden follows only one.

Anyone else does this? 😂

We should start with demystifying tech...
For most people, modern phones, tablets and pcs are magical rectangles...
The law of Clarke says, that every sufficiently advanced technology is indistinguishable from magic.
And we have to tackle that.
In geography, we should talk about gps and glosnas
In English or foreign language lessons, we should speak about translator bots and language patters/abstractions
In physics, we have to understand the measurement devices
In politics, we have to speak about licenses of use, we have to speak about netneutrality as a political concept, we have to speak about snowden, shadow brokers, the vault, all the laws some shady imperial beauroticians pipe into our life.
Trojans used by the government and so on...
In cs concepts of operating systems, abstractions and networking should be taught, instead of using excel.
That could be done in math...
Well... No one should have to work with excel.
In maths they could use Wolfram alpha, rlang and gnupolt for example

Who is excited to watch Snowden movie with Joseph Gordon Levitt as Snowden?

Because I am very interested in cyber security and plan on doing my masters in it security I always try to stay up to date with the latest news and tools. However sometimes its a good idea to ask similar-minded people on how they approach these things, - and maybe I can learn a couple of things. So maybe people like @linuxxx have some advice :D Let's discuss :D

1) What's your goto OS? I currently use Antergos x64 and a Win10 Dualboot. Most likely you guys will recommend Linux, but if so what ditro, and why? I know that people like Snowden use QubesOS. What makes it much better then other distro? Would you use it for everyday tasks or is it overkill? What about Kali or Parrot-OS?

2) Your go-to privacy/security tools? Personally, I am always conencted to a VPN with openvpn (Killswitch on). In my browser (Firefox) I use UBlock and HttpsEverywhere. Used NoScript for a while but had more trouble then actual use with it (blocked too much). Search engine is DDG. All of my data is stored in VeraCrypt containers, so even if the system is compromised nobody is able to access any private data. Passwords are stored in KeePass. What other tools would you recommend?

3) What websites are you browsing for competent news reports in the it security scene? What websites can you recommend to find academic writeups/white papers about certain topics?

4) Google. Yeah a hate-love relationship, but its hard to completely avoid it. I do actually have a Google-Home device (dont kill me), which I use for calender entries, timers, alarms, reminders, and weather updates as well as IOT stuff such as turning my LED lights on and off. I wouldn"t mind switching to an open source solution which is equally good, however so far I couldnt find anything that would a good option. Suggestions?

5) What actions do you take to secure your phone and prevent things such as being tracked/spyed? Personally so far I havent really done much except for installing AdAway on my rooted device aswell as the same Firefox plugins I use on my desktop PC.

6) Are there ways to create mirror images of my entire linux system? Every now and then stuff breaks, that is tedious to fix and reinstalling the system takes a couple of hours. I remember from Windows that software such as Acronis or Paragon can create a full image of your system that you can backup and restore at any point to get a stable, healthy system back (without the need to install everything by hand).

7) Would you encrypt the boot partition of your system, even tho all data is already stored in encrypted containers?

8) Any other advice you can give :P ?

me after watching snowden(2016) yesterday : "Holy shit, government is going to fuck our privacy!!"

me after watching the circle today: "Holy shit big private companies are going to fuck our privacy!!"

My office senior watching me "Holy yeah boss is going to fuck your privacy"

self.rant = self.dev = False
I just won a debate defending mass surveillance and I hate myself.
I actually used Snowden to defend it.

I tried ProtonMail after a user here got creeped out after watching snowden. And I like it. Sick of gmails intrusion to what I buy, where I go and yes the need of phone number. Why tho?
I think we as a developer community should educate the need of such encrypted non-intrusive services not necessarily proton to common people. Privacy is a right.
*doesnt apply to insta models though, lulz*